Wednesday, December 15, 2010

First Gawker Now McDonalds, Walgreens and deviantART

It would seem as though hackers have been busy of late. First we were informed of a breach over at Gawker, where not only email address but usernames and passwords were stolen. Now we have news from Silverpop Systems, Inc. of Atlanta, Georgia, a company that serves a host of top-tier business, that databases containing user emails from two of their clients have been breached. What sites you may ask. None other than McDonalds and deviantART. This follows a similar report from Walgreens that databases congaing user emails and dates of birth had been breached.

In the case of Walgreens it is unclear if the breach is related to the other two Silverpop breaches or not. The company did not reveal how the data was stolen, but coincidentally, the drugstore chain shares a business partner with McDonald's. Both companies use the marketing services firm Arc Worldwide — the company that hired Silverpop Systems, according to reports, to manage McDonald's database. Either way millions of users have been affected in the recent breaches.

Details for consumers

Walgreens recently posted the following:
Dear Valued Customer,

We recently became aware of unauthorized access to an email list of customers who receive special offers and newsletters from us. As a result, it is possible you may have received some spam email messages asking you to go to another site and enter personal data. We are sorry this has taken place and for any inconvenience to you.

We want to assure you that the only information that was obtained was your email address. Your prescription information, account and any other personally identifiable information were not at risk because such data is not contained in the email system, and no access was gained to Walgreens consumer data systems. As a company, we absolutely believe that all customer relationships must be built on trust. That is why we believe it is important to inform you of this incident. Online security experts have reported an increase in attacks on email systems, and therefore we have voluntarily contacted the appropriate authorities and are working with them regarding this incident.

We encourage you to continue to be aware of increasingly common email scams that may use your email address to contact you and ask for personal or sensitive information. Always be cautious when opening links or attachments from unsolicited third parties. Also know that Walgreens will not send you emails asking for your credit card number, social security number or other personally identifiable information. So if ever asked for this information, you can be confident it is not from Walgreens.

If you have any questions regarding this issue, please contact us at 1-888-980-0963. We take your privacy very seriously, and we will continue to work diligently to protect your personal information.

Sincerely, Walgreens Customer Service Team

Here's is the McDonalds notice to customers:
Unfortunately, a third party was able to defeat the security measures put in place by the email database management firm to protect the information you provided to us. Law enforcement authorities have been notified and are investigating the matter.

And deviantART recently informed customers:

Silverpop Systems, Inc., a leading marketing company that sends email messages for its clients, told us that information was taken from its servers. This was probably part of a sweep by spammers. As a result, email addresses belonging to deviantART members were copied. Corresponding usernames and birth date may also have been removed.

We can assure you that nothing occurred on our systems with respect to this incident and no access was gained to private information on deviantART’s servers.

As a member of deviantART, you certainly have a right to know when an incident of this kind occurs. Unfortunately spammers are an unavoidable part of living on the Web.

The likely result of this event might be an increase in spam to your email. Experts have told us that there is an increase in email scams out there on the Internet and you should be cautious. Only click links or download attachments from people you know, particularly if they ask for personal information, and be sure that your email service provider has adequate spam filters.

Because we value the information that members give us, we have decided not to rely on the services of Silverpop in the future and their servers will no longer hold any data from us.

"It appears Silverpop was among several technology providers targeted as part of a broader cyberattack," Silverpop said in a statement. Further statements made by Silverpop Chief Executive Bill Nussey today would suggest the company wants to make it very clear that they are not the only company that has suffered a breach. "In parallel to our customer and security-focused efforts, we continue to work with law enforcement to identify the criminals that have targeted us and several other companies in our industry, " Nussey writes.

Never heard of Silverpop, well you aren't alone. In fact before the recent breaches I had never heard of the company myself. However chances are you or someone you know has an email address associated with one of their many clients. The company after-all has over 105 rather big name customers!

The company states it is working with law enforcement officials and the FBI to uncover who is behind the breach but until then it is advised that you beware your inbox, even if the email is from a know source!

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you